codeql

mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	0fb692400c	fix failing test	2021-06-01 13:57:13 +02:00
Alex Ford	f27dd45e4c	run formatter	2021-06-01 12:29:45 +01:00
Tom Hvitved	ecf7f24cde	C#: Sync latest `FlowSummaryImpl.qll` changes	2021-06-01 13:22:14 +02:00
Tom Hvitved	14f9a5c280	Java: Move some CSV flow summary code into shared library	2021-06-01 13:22:14 +02:00
Alex Ford	907bb9b556	add a comment	2021-06-01 12:22:04 +01:00
Alex Ford	1f931d6f76	rb/hardcoded-credentials: fix bad bracketing	2021-06-01 12:22:04 +01:00
Alex Ford	fdd4f7f616	attempt to use typetracker in rb/hardcoded-credentials	2021-06-01 12:22:04 +01:00
Alex Ford	c530ba5b11	format ql	2021-06-01 12:22:04 +01:00
Alex Ford	f1303e0ced	remove WIP files	2021-06-01 12:22:04 +01:00
Alex Ford	10175e1398	remove WIP files	2021-06-01 12:22:04 +01:00
Alex Ford	4fdd072603	WIP: HardcodedCredentials query	2021-06-01 12:22:04 +01:00
Henning Makholm	534e771309	Merge pull request #5934 from github/hmakholm/pr/monotonic-agg QL language reference: add monotonic aggregate example	2021-06-01 13:10:50 +02:00
Taus	53b7492aa3	Generate QLDoc for `getChild`	2021-06-01 10:57:39 +00:00
Taus	6cf7a12c8c	Undo field name escaping	2021-06-01 10:56:45 +00:00
Tamás Vajk	e7a349be2d	Merge pull request #5978 from tamasvajk/fix/change-note-workflow Fix change note workflow to handle paginated results	2021-06-01 12:50:32 +02:00
Anders Schack-Mulligen	fc913e744e	Java: Minor model fix.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	dbe352f3ff	Java: Remove deprecated tests.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	901996f9fd	Java: Add collection flow test.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	43d1b0ab27	Java: Update qltests.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	a40880af70	Java: Add read-as-taint and config-dependent store-as-taint.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	2f087e17cb	Java: Allow <> in types for now.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	3f538e7fac	Java: Update some models.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	9e313d0cf6	Java: Remove container taint steps.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	3b6cef4f74	Java: Add container flow models.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	ffd52bb673	Java: Fix bug in matching generic signatures.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	1001dd84e6	Java: Switch array steps and one containerstep.	2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen	ce509eb7e1	Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf Dataflow: Improve performance in flow-through pruning	2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen	a4661e1aca	Merge pull request #5704 from edvraa/regexj Java: Regex injection	2021-06-01 11:45:59 +02:00
Artem Smotrakov	8dc1451d42	Better recommendation in UnsafeDeserializationRmi.qhelp Co-authored-by: Chris Smowton <smowton@github.com>	2021-06-01 12:16:09 +03:00
Erik Krogh Kristensen	0b225419a3	Merge pull request #5977 from security-prince/patch-1 Adding reference link for csurf	2021-06-01 11:07:36 +02:00
Tom Hvitved	5771b0420f	Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks C#: Various CFG related performance tweaks	2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen	5d21c64247	Dataflow: qldoc fix.	2021-06-01 10:49:47 +02:00
Tamas Vajk	bc02f28ddd	Fix change note workflow to handle paginated results	2021-06-01 10:44:44 +02:00
Jonas Jensen	2261085cfe	Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements C++: More `cpp/uncontrolled-arithmetic` improvements	2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen	4f9a6c151b	Dataflow: Code review fixes.	2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen	8765c33847	C++: Also check the number of parameters to keep the tests happy.	2021-06-01 10:17:57 +02:00
Ishaq Mohammed	96150a455d	Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-06-01 13:47:43 +05:30
Ishaq Mohammed	975355de4a	Adding reference link for csurf	2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen	615c805b2c	C++: Only use std::rand as a source of randomness.	2021-06-01 09:28:06 +02:00
Taus	d38520dc73	Escape field names correctly This should make `field('unique', $.whatever)` valid again.	2021-05-31 20:56:29 +00:00
Taus	64090b086c	Autogenerate QLDoc for `TreeSitter.qll` It's not quite perfect, as there's still some QLDoc missing on the various `getChild` methods, but it wasn't immediately clear to me how to get this working (especially since the QLDoc would ideally be different depending on whether there was a child index or not). Then again, `getChild` probably has a pretty intuitive meaning...	2021-05-31 20:54:10 +00:00
Henning Makholm	70b9739d2d	QL language reference: add monotonic aggregate example It's easier to understand what's going on if we start with a (contrived) example that _doesn't_ involve recursion.	2021-05-31 21:23:08 +02:00
Tom Hvitved	3ffef634d7	More synthesis refactoring - Join `TElementReferenceSynth` and `TMethodCallSynth`. - Move arity and setter information into `MethodCallKind`. - Add `Synthesis::methodCall` for specifying which method calls need synthesis.	2021-05-31 16:29:41 +02:00
Mathias Vorreiter Pedersen	41c93d92d7	C++: Remove FPs from right shifts and explicitly bounded random functions.	2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen	10755ece88	C++: Add testcase with bounded randomness source.	2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen	683f853fa5	Dataflow: Fix another bad join order.	2021-05-31 15:14:13 +02:00
Erik Krogh Kristensen	85bd8f1020	add change-note for TypeScript 4.3	2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen	e6b1c61e81	add tests for TypeScript 4.3	2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen	2cc2d116bc	bump extractor version	2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen	35d7fda5e2	update typescript to 4.3 in the extractor	2021-05-31 13:08:09 +02:00

... 298 299 300 301 302 ...

41418 Commits